Prevent misuse of Weld reflection privilege elevation (either through using reflection util classes directly or through other API/SPI)

            [WELD-361] Preventing reflection misuse

            Jozef Hartinger added a comment - We should get rid of public SecureReflections that are secured by weld.reflection permission and instead use a package-private implementation.

            Pete Muir (Inactive) added a comment - This issue is largely implemented; however, we need a full audit of the solution to ensure it doesn't allow privilege escalation. It's possible we can get this help from Oracle; if not, Anil and team have offered to help out.

            Pete Muir (Inactive) added a comment - Not a priority for this release

            Pete Muir (Inactive) added a comment - Not going to happen in time for 1.0.1 now

              Unassigned Unassigned
              nickarls Nicklas Karlsson (Inactive)